On May 28, 2015, at 12:26 PM, Martin Kosek <mko...@redhat.com> wrote: > > On 05/28/2015 07:10 PM, Timothy Worman wrote: >>> On Mar 26, 2015, at 3:08 PM, Dmitri Pal <d...@redhat.com> wrote: >>> >>> On 03/26/2015 03:19 PM, Timothy Worman wrote: >>>> On Mar 26, 2015, at 11:42 AM, Martin Kosek <mko...@redhat.com> wrote: >>>>> On 03/26/2015 07:37 PM, Timothy Worman wrote: >>>>>> Thanks everyone for the input. >>>>>> >>>>>> I do agree that I don’t like the sound of option 1. I don’t want to be >>>>>> sending CLI commands from a remote host. And option 3 sounds sounds a >>>>>> bit brittle to me. >>>>>> >>>>>> 2 sounds like the most solid option available right now. I like the fact >>>>>> that there’s an existing/working API there. I’ll need to look into >>>>>> converting my objects into json. >>>>>> >>>>>> This area honestly seems like one of the weakest aspects of freeipa. >>>>>> There really needs to be a way to push known person entities into the >>>>>> directory easily. >>>>> There may be some disconnect, the JSONRPC/XMLRPC API is the way we still >>>>> see as an easy way to manipulate the entries (besides CLI and Web UI). In >>>>> Python, adding new user is that easy: >>>>> >>>>> ~~~ >>>>> from ipalib import api >>>>> from ipalib import errors >>>>> >>>>> api.bootstrap(context='cli') >>>>> api.finalize() >>>>> api.Backend.rpcclient.connect() >>>>> api.Command['user_add'](u'newuser', givenname=u'New', sn=u'User') >>>>> ~~~ >>>>> >>>>> What way would you suggest to make it more conforming to your use case? >>>>> Are you suggesting REST interface doing the above or something else? >>>> Oh, I think the JSON option is the best one currently available. But I do >>>> think REST-ful service would be a good idea. >>>> >>>>> I would be willing to test option 4 if that is where the future is headed. >>>>> >>>>> Ok, just note that this still means LDAP interface a need to talk in LDAP >>>>> protocol. >>>> This may not be a bad thing if you’re using an ORM like Webobjects/EOF or >>>> Cayenne since you can model those ldap entities and simply set their >>>> attributes and insert. At a lower level JNDI will handle it. I personally >>>> prefer this over building strings, sending commands, etc. >>> >>> So this will be ready upstream within several weeks or so. Would you test >>> it once it it is available before the official upstream release? >> >> Hi Dmitri - following up on this to see how progress is going on this >> project. I am definitely still interested in testing this. In the meantime, >> I have been pursuing http client calls posting json. And I have some >> questions I need to pursue on that as well. Should I take this to >> freeipa-devel? > > Hello Timothy, > > I am sorry we did not update this thread, but in the end we decided not to > invest in the REST interface ourselves at this moment (read - FreeIPA 4.2), > but rather work on stabilizing and documenting current JSON-RPC API we have > as we believe the API is easily usable from major languages even though it is > not RESTy. To prove our point, we need good documentation of it and examples > for the major languages. > > This is the proposal of what shall be done in FreeIPA 4.2 that I sent to > freeipa-devel: > http://www.redhat.com/archives/freeipa-devel/2015-April/msg00061.html > > I hope the way we go for the next release is acceptable for you. In the mean > time, if you have specific questions on calling JSON from your programs, both > freeipa-users and freeipa-devel may be suitable, depending on how deep you > want to go in the code... > > HTH, > Martin
Thanks Martin: OK, just to verify - The staging approach (Dmitri spoke about) of inserting records into a staged user schema and having them inserted via a cron job is now off for near releases. I am anxious to see that happen. But, I am working on a java http client (apache httpclient + jaas/Krb5LoginModule) that posts json to the ipaserver. However, I am having some difficulty with kerberos negotiation and I should probably start a separate thread on that - either here or on freeipa-devel. Tim Worman UCLA GSE&IS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project